In [13]:
%%HTML
<p id = 'heading1_p'>Secure Boot - PIC32CZCA90</p>
<hr id = 'hline'> </hr>
<p id = 'heading1_p' style='font-size: 20px; font-weight: bold;'>Introduction</p>
<div id='div_element'>
<p>This use case validates the application image to support secure boot with the HSM(Hardware Secure Module) embedded in the PIC32CZCA90. It demonstrates the sequential Secure Boot functionality of PIC32CZCA90 in both Development and Production modes.
</p>
<p>In the event of an authentication failure, the Production Secure Boot will not transfer control to the host application, potentially resulting in the board being permanently locked out. To prevent this and safely evaluate secure boot, it is recommended to use the Development Secure Boot Mode for testing and validation before transitioning to Production Secure Boot Mode.
</p>
<p>The secure boot process begins with the Host ROM retrieving a pointer to the FWMD from the device configuration fuses(PTRMETAx) and sends it to the HSM ROM. The HSM ROM authenticates the FWMD. Upon successful authentication, the HSM ROM retrieves the HSM firmware location from the FWMD. It then loads and validates the HSM firmware. The HSM firmware subsequently validates the application.
</p>
<p>The FWMD contains all required information(hash and signature of the image), compiled into a specific format essential for the secure boot process. This use case includes the Firmware Metadata Tool(FWMDT), which generates Firmware Metadata(FWMD).

</div>

<button class= "collapsible" style='font-size: 20px; font-weight: bold;'>   Cryptographic Asset List & Use Case Implementation</button>
<div class="content">
<div id='content_element'>
<hr id = 'h_content'> </hr>
<p style="float: left; font-size: 9pt; text-align: center; 20em; width: 75%; margin-right: 1%;">
    <img src="assets\images\usecase_steps_pic32czca90.png" style="height: 160em; width: 130%"><b>Usecase implementation Steps</b></p>
<p style="float: left; font-size: 9pt; text-align: center; 20em;height: 25em; width: 20%; margin-right: 1%;">
    <img src="assets/images/mm_pic32czca90.png" alt="Memory Map" style="height: 15em; width: 100%"><b>Memory Map</b></p>
<p style="clear: both;">
</div>
</div>
<p id = 'heading1_p' style='font-size: 20px; font-weight: bold;'>Use Case Implementation</p>

<div id='div_element'>
<p>Select your Evaluation kit and click on each step to execute the Use Case. Expand <b> "Cryptographic Asset List & Use Case Implementation" </b> for description of each usecase step. Click on the Usecase Help button in the transaction diagram for additional details.</p>
<p><h4>  Notes:</h4>
<ol>
    <li>Power the board through barrel jack (Vin). It is required to connect both TARGET USB(J102) and DEBUG USB to PC to run this use case. </li>
    <li> Run the use case from 1 to 5 with default selection and inputs atleast once.</li>
    <li><p>The Firmware Meta Data Tool(FWMDT) can be configured for custom applications if required. Follow these steps to configure the tool:</h2>
    </p>
        <ol type="a"><li><strong>Determine Memory Addresses:</strong></li>
        <ul>
            <li><strong>FWMD Address:</strong> This should be approximately 130KB above the end of the program memory.</li>
            <li><strong>HSM Firmware Address:</strong> This should be approximately 2KB from the FWMD address.</li>
            <li><strong>Application Start Address:</strong> The start address to create the digest of the applicaiton 
        </ul>
        <li><strong>Configuration:</strong></li>
        <ul>
            <li>Ensure that the FWMD address matches the address defined in your custom application's configuration fuses (FUSES USERCFG1_FUCFG16_HSM_PTRMETA0).</li>
        </ul>
        <li><strong>Tool Location:</strong></li>
        <ul>
            <li>The FWMD tool is located in the use case root directory: <code>/~/.trustplatform/pic32czca90_secureboot/FWmetadatatool</code>.</li>
        </ul>
        <li><strong>Update the input files:</strong></li>
        <ul>
            <li><code>pic32czca90FwMd.xml</code>: This file includes the memory addresses(FWMD,HSM firmware and start address of the application to validate), path to the images and slot number of the public key.</li>
            <li><code>SecureFlashPage0.xml</code>: This file contains the private key and it details used for signing the FWMD.</li>
        </ul>
        <li><strong>Command to Run the Tool:</strong></li>
        <ul>
            <li>Navigate to the FWMD tool directory and run the following command:</li>
            <div class="code">
                <code>../FWmetadatatool>hsmsfmdgen.exe -s SecureFlashPage0.xml -m pic32czca90FwMd.xml -x hsmSecureFlash.xsd -y FirmwareMetadata.xsd -d outputfwmd.hex</code>
            </div>
        </ul>
        <li><strong>Output:</strong></li>
        <ul>
            <li>The FWMD tool calculates SHA-384 hashes of the HSM firmware and application image, creates the Firmware Metadata (FWMD) including these hashes, and signs it with the private key.</li>
            <li>The tool generates <code>outputfwmd.hex</code>, which is the combined image of the FWMD and HSM firmware.</li>
        </ul>
    </ul>
    </ol>
    </li>
</ol>
</p>
</div>

In [9]:
import os, shutil
from tpds.usecase_diagram import ProtoBoard, UsecaseDiagram
from tpds.tp_utils.tp_settings import TPSettings
from tpds.proto_boards import get_board_path
from IPython.display import display


curr_path = os.path.abspath('')
os.sys.path.extend([os.path.join(os.getcwd(), 'assets', 'python')])
import pic32czca90_secureboot

tp_settings = TPSettings()
usecase_working_dir = os.path.join(tp_settings.get_base_folder(), 'pic32czca90_secureboot')
os.makedirs(usecase_working_dir, exist_ok=True)
boards = ProtoBoard(max_width=400)



app_dev_path_pic32czca90=os.path.join(curr_path,'..','backend','boards','PIC32CZCA90','pic32czca90_led_app_dev.hex')
app_prod_path_pic32czca90=os.path.join(curr_path,'..','backend','boards','PIC32CZCA90','pic32czca90_led_app_prod.hex')
app_disable_sb_pic32czca90=os.path.join(curr_path,'..','backend','boards','PIC32CZCA90','pic32czca90_disable_secureboot.hex')
hsm_hex_pic32czca90=os.path.join(curr_path,'..','backend','boards','PIC32CZCA90', 'pic32czca90_hsm.hex')

fwmdtool_path_pic32czca90=os.path.join(curr_path,'..','backend','Tools')
shutil.copy(app_dev_path_pic32czca90, usecase_working_dir)
shutil.copy(app_prod_path_pic32czca90, usecase_working_dir)
shutil.copy(app_disable_sb_pic32czca90, usecase_working_dir)
shutil.copy(hsm_hex_pic32czca90, usecase_working_dir)
shutil.copytree(fwmdtool_path_pic32czca90, usecase_working_dir,dirs_exist_ok=True)


boards.add_board(
            'PIC32CZCA90 CUltra',
            os.path.join(curr_path,'..','backend','boards','PIC32CZCA90','PIC32CZCA90.png'),
            os.path.join(curr_path,'..','backend','boards','PIC32CZCA90', 'pic32czca90_kit_image.hex'),
            os.path.join(curr_path,'firmware','pic32czca90_led_prod','pic32czca90_LED_prod.X')
            )


boards.render_boards(0)



sec_boot = pic32czca90_secureboot.SecureBootUsecase(boards)
usecase_td = UsecaseDiagram(os.path.join(curr_path,'assets','images','hsm_secureboot_td.png'), working_dir=usecase_working_dir)

#1
kit_protocol_hex = usecase_td.add_script(245,55,30,30, sec_boot.generate_resources)

#2
app_hex = usecase_td.add_script(245,95,30,30, sec_boot.app_hex)

#3
FWMDT_xml_modify = usecase_td.add_script(245,133,30,30, sec_boot.FWMDTool)

#4
combined_image= usecase_td.add_script(245,180,30,30,sec_boot.combined_hex)

#5
flash_output_hex= usecase_td.add_script(245,225,30,30,sec_boot.prog_FWMD)

#4a
disable_secureboot = usecase_td.add_script(495,176,30,30, sec_boot. disable_secureboot)

#2a
pvk_load = usecase_td.add_script(499,95,30,30, sec_boot. prvkey_prod)




usecase_td.add_firmware(boards.get_firmware_project, tp_settings.get_mplab_paths().get('ide_path'))
usecase_td.add_image(726,262,141,27, os.path.join(curr_path,'assets','images', 'c_snippet_template.PNG'), 'Code Snippet')
usecase_td.add_usecase_help(os.path.join(curr_path,'assets', 'pic32czca90-SecureBoot.md'))

display(boards.canvas)
usecase_td.display_canvas()

MultiCanvas(height=200, layout=Layout(margin='50px'), width=200)

VBox(children=(HBox(children=(VBox(children=(VBox(children=(HBox(children=(HBox(children=(Button(description='…